How to harvest 1.2 billion usernames and passwords

Welcome to this week’s Technology Updates, a vibrant mix of hot topics and future trends.

The future is here.

Last week it was revealed that Russian hackers harvested 1.2 billion usernames and passwords from numerous websites. You should get really upset. People are continuously lectured by security experts on how to create a secure password with upper case and lower case letters, special characters and numbers. Yet the lack of security of these websites is outrageous.

The simplicity of the attack demonstrates either the complete naïveté of these companies regarding website security or their disregard for protecting the information of their customers. To a non-technical user, breaking into these websites might sound very sophisticated and difficult to imagine. However, here is a simple technical description (for illustrative purposes), which anybody can follow with minimal technical knowledge.

1. Get a list of websites. Where? Alexa.com provides a list of top 1 million websites. They have the highest traffic and the most registered users.

2. Write a script, which scans all the websites and looks for SQL queries embedded in the web pages. SQL is a programming language for databases. Databases are used to store your personal information.

3. Modify the SQL query and test it for its vulnerability to SQL injection. SQL injection is in the top 10 website vulnerabilities. Basic description of SQL injection is here –> http://en.wikipedia.org/wiki/SQL_injection

4. Download all the information from the vulnerable website. Go back to step 3 and repeat until you exhaust your list.

5. Now that you have all the information, break into individual accounts, steal banking information, steal identity, apply for credit cards, make online purchases, sell the information to others.

The software required for this simple exercise can be downloaded free of charge. The detailed description of how to build secure code can be downloaded for free as well. If you care about your customers, I can help you.
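What secure code looks like for the problem described above, as an added example (not code from the original article): the same user lookup written with string concatenation and with a bound parameter, plus salted password hashing so that a dumped table does not contain the passwords themselves. The table layout, account names, iteration count and crafted input are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def make_db():
    # Constructed in-memory table standing in for a site's user database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def hash_password(password, salt):
    # Salted PBKDF2-HMAC-SHA256; the iteration count is an assumed value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(db, name, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def lookup_vulnerable(db, name):
    # BEFORE: input is pasted into the SQL text, so a quote character in
    # `name` changes the structure of the query itself.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, name):
    # AFTER: the SQL text is fixed and `name` is bound as a plain value.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]

def check_login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

def demo():
    db = make_db()
    add_user(db, "alice", "correct horse")   # constructed accounts
    add_user(db, "bob", "hunter2")
    crafted = "nobody' OR '1'='1"            # constructed input with a quote
    return lookup_vulnerable(db, crafted), lookup_safe(db, crafted)

if __name__ == "__main__":
    print(demo())
```

The concatenated lookup returns every account for the crafted input, while the parameterized lookup returns nothing because no user has that literal name.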

CTV Morning News aired the interview with yours truly, to provide perspective for the people who are affected, with simple tips on how to protect yourself against these attacks –> http://g3t.ca/TCcplm

Trending this week…

This week brought us some interesting, noteworthy articles and news:

The digital advertising industry is under attack (since it started). The estimate is that as much as 50% of traffic is generated by bots. Yet, the advertisers have no control over them.

There is a new app for your iPhone. Attach a lens, which allows you to take a picture of your blood drop. It can detect if you have malaria in a matter of seconds. Still in its infancy, but another piece in the ‘analyze yourself’ trend.

Google is being sued. This time for defamatory autocomplete suggestions. Maybe the Google search engine knows something and will soon be swimming with the fishes.

Sony gave up on its eReader. Sony suggests Kobo as your next eReading device.

Microsoft will no longer support older browsers. Too big of a risk, too much work for little return.

You have spent time and money mining Bitcoins; once done, you wanted to validate your new fortune. That’s when the money got stolen. The man-in-the-middle attack yielded $83,000 in just 30 seconds.

Reminder: USB sticks are one of the easiest ways to hack your computer. They come with malware preinstalled. Just ask the Iranians. They are still upset about the centrifuges.

Do you remember the data breach at Target? It happened 8 months ago. The final number is out. It cost Target $148 million. Still doubtful about your website security?